Microsoft Accuses Google of Breaching User Privacy
Donald Sutherland spots a transgressor at the end of the 1978 remake of 'Invasion of the Body Snatchers.'
CREDIT: United Artists
Last week, Google admitted that it, along with three other online ad-placement companies, had used a coding trick to get around default privacy settings in Apple's Safari browser. Yesterday (Feb. 20), it was Microsoft's turn to accuse Google of similar shady dealings regarding Internet Explorer.
"When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: Is Google circumventing the privacy preferences of Internet Explorer users too?" wrote Dean Hachamovitch, the Microsoft vice president in charge of Internet Explorer, in a posting on the Windows Internet Explorer Engineering Team Blog.
"We've discovered the answer is yes," Hachamovitch wrote. "Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies."
However, on further examination, Hachamovitch's accusations start to seem like much ado about not much.
Internet Explorer uses something called P3P Privacy Protection, which was introduced about 10 years ago to give users more control over the information they give websites. P3P cookies are based on an agreement between users and websites, and Google apparently is ignoring that agreement.
"By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site's use does not include tracking the user," Hachamovitch wrote. "Google's P3P policy causes Internet Explorer to accept Google's cookies even though the policy does not state Google's intent."
That may be the case, but it's also true that Internet Explorer is the only one of the five major browsers — the others are Safari, Mozilla Firefox, Google Chrome and Opera — to use P3P. The other browser makers found P3P hard to implement, and even the Electronic Privacy Information Center, normally a fierce defender of online privacy, recommended against using P3P, calling it a "complex and confusing protocol that will make it more difficult for Internet users to protect their privacy."
Google pointed this out in a statement it gave to the tech blog The Verge.
"It is well-known — including by Microsoft — that it is impractical to comply with Microsoft’s request while providing modern Web functionality," the statement said. "We have been open about our approach, as have many other websites. ... A 2010 research report indicated that over 11,000 websites were not issuing valid P3P policies as requested by Microsoft."
And it turns out that Google's not the only major Web player to ignore P3P. Facebook does too, and states as much on a Facebook Help Center webpage.
"The organization that established P3P, the World Wide Web Consortium, suspended its work on this standard several years ago because most modern Web browsers do not fully support P3P," the page reads. "As a result, the P3P standard is now out of date and does not reflect technologies that are currently in use on the web, so most websites currently do not have P3P policies."
If you'd like to reset your P3P settings so that neither Google nor Facebook can track you, Microsoft has a page that will let you do so, but you'll have to make sure to open it in Internet Explorer.
This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.